Why Mobile User Behavior is Putting Businesses at Risk

April 6, 2017, Mike Browning

Mobile apps are the front lines of the global battle against mobile threat actors. The ubiquity of mobile apps across devices, and the relative ease with which they can be built, copied, or compromised, makes them a frequent target for cybercrime, and the current state of mobile user behavior isn't helping.

With millions of apps to choose from across app stores all over the world, malicious apps can easily blend in with their legitimate lookalikes. According to App Annie's Retrospective 2016 report, there were 90 billion mobile app downloads worldwide last year, representing 15 percent growth over the prior year. And, unfortunately, it's not just the security-conscious set who download mobile apps: eMarketer estimated that roughly 98% of US smartphone and tablet app users ages 14 and up would install at least one app in 2016, a wide range of users that is only growing wider. By 2020, eMarketer projects the number of smartphone and tablet app installers will reach 219.9 million and 144.2 million respectively, up from nearly 185 million and 126 million in 2016.

The risks are real: nearly five percent of the apps in RiskIQ's Global Mobile Database are blacklisted as malicious or fraudulent. Recently, RiskIQ research* found that one in 10 of the 5,315 Black Friday-related apps in global app stores was blacklisted (unsafe to use) as malicious (see our Black Friday eCommerce Blacklist Report), and identified hundreds of fake romance and dating apps (see our Valentine's Day Mobile Dating App report).

To better understand the inconsistent mobile safety practices among these consumers at risk of being targeted by threat actors on their mobile devices, RiskIQ commissioned Ginger Comms to survey 1,000 U.S. and 1,000 U.K. consumers aged 16 to 60+, focusing specifically on smartphone and mobile app usage. The survey was conducted in February and March 2017. The resulting report shows that over half of all respondents regularly engage in behaviors that put them at risk:

55% click on ads promoting apps, and 48% click on links promoting apps in emails, on the mobile web, and on social media: when users stray from the primary app store environment (Google Play, the Apple App Store, the Windows Store, etc.) to look for new apps, or land outside it after clicking such a link, the risk of downloading a counterfeit or compromised app increases.

40% rarely or never check the app details before downloading, and 54% rarely or never inspect the terms and conditions or the permissions requested during installation: an app that asks for permissions unrelated to its purpose, such as access to contacts, text messages, device-administrator features, stored passwords, or payment card details, is usually up to no good. Likewise, if the developer is unrelated to the brand the app claims, has an odd-looking or misspelled name, or lists a free email service as its contact address, the risk that the app is fraudulent is elevated.

Examples of Suspicious Apps:

Fig-1: This dating app, which puts a URL linking to OkCupid in its description, does not quite sound as if it was created by a professional.

Fig-2: This Halloween-themed app requests 128 different permissions. Why would a Halloween arcade game need to send texts (android.permission.SEND_SMS), monitor or redirect outgoing calls (android.permission.PROCESS_OUTGOING_CALLS), or disable the device outright (android.permission.BRICK)?
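The permission and developer checks described above are easy to automate before an app is allowed onto a corporate device. The following script is an added example, not RiskIQ's tooling or any code from the original post: it parses an AndroidManifest.xml (a constructed sample modeled on the Fig-2 game, not the real app), flags permissions a casual game should never need, and applies the developer heuristics from the text (free-mail contact address, developer domain unrelated to the claimed brand). The high-risk permission watchlist, the free-mail domain list, and the permission-count threshold are my assumptions and should be tuned to your own app-vetting policy.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest for a hypothetical "Halloween Arcade" game.
# It is NOT taken from any real app; it only reproduces the kind of
# permission set the Fig-2 caption describes.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.halloweenarcade">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.BRICK"/>
    <application android:label="Halloween Arcade">
        <receiver android:name=".AdminReceiver"
                  android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    </application>
</manifest>
"""

# Assumed watchlist: permissions a game has no business requesting. Mirrors the
# categories in the text (texts, calls, contacts, admin/destructive features).
HIGH_RISK_PERMISSIONS = {
    "android.permission.SEND_SMS": "send text messages (premium-SMS fraud)",
    "android.permission.READ_SMS": "read text messages (OTP theft)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.PROCESS_OUTGOING_CALLS": "monitor/redirect outgoing calls",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.READ_CALL_LOG": "read call log",
    "android.permission.BIND_DEVICE_ADMIN": "device-administrator features",
    "android.permission.BRICK": "disable the device",
}

# Assumed list of free-mail providers used for the developer-contact heuristic.
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com", "mail.ru"}


def declared_permissions(manifest_xml):
    """Return every permission string the manifest declares: each
    <uses-permission android:name=...> plus any android:permission attribute
    (which is how device-admin receivers are gated)."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for elem in root.iter():
        if elem.tag == "uses-permission":
            name = elem.get(f"{{{ANDROID_NS}}}name")
            if name:
                found.add(name)
        gate = elem.get(f"{{{ANDROID_NS}}}permission")
        if gate:
            found.add(gate)
    return found


def risky_permissions(permissions):
    """Subset of the declared permissions that appear on the watchlist."""
    return {p: HIGH_RISK_PERMISSIONS[p] for p in sorted(permissions)
            if p in HIGH_RISK_PERMISSIONS}


def developer_flags(developer_email, app_brand):
    """Heuristics from the text: a free-mail developer address, or a developer
    domain that does not contain the brand the app claims, raises fraud risk."""
    flags = []
    m = re.fullmatch(r"[^@\s]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})", developer_email.strip())
    if not m:
        return ["unparseable developer email"]
    domain = m.group(1).lower()
    if domain in FREE_MAIL_DOMAINS:
        flags.append(f"free-mail developer address ({domain})")
    brand_token = re.sub(r"[^a-z0-9]", "", app_brand.lower())
    if brand_token and brand_token not in re.sub(r"[.-]", "", domain):
        flags.append(f"developer domain {domain} does not match brand '{app_brand}'")
    return flags


def triage(manifest_xml, developer_email, app_brand, max_permissions=15):
    """Combine the permission and developer checks into one triage verdict.
    This is a screening heuristic, not proof that an app is malicious."""
    perms = declared_permissions(manifest_xml)
    risky = risky_permissions(perms)
    flags = developer_flags(developer_email, app_brand)
    if len(perms) > max_permissions:  # assumed threshold for a casual game
        flags.append(f"{len(perms)} permissions declared (threshold {max_permissions})")
    verdict = "SUSPICIOUS" if risky or flags else "OK"
    return {"permission_count": len(perms), "risky": risky,
            "flags": flags, "verdict": verdict}


if __name__ == "__main__":
    report = triage(SAMPLE_MANIFEST, "halloween.arcade.dev@gmail.com", "Halloween Arcade")
    print(f"verdict: {report['verdict']} ({report['permission_count']} permissions)")
    for perm, why in report["risky"].items():
        print(f"  risky permission: {perm} -> {why}")
    for flag in report["flags"]:
        print(f"  flag: {flag}")
```

In practice the manifest would come from `aapt dump xmltree` or `apkanalyzer manifest print` on the APK rather than an inline string; the checks are the same. A clean result only means the app passed these heuristics, so treat "OK" as "nothing obvious", not as a guarantee.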

14% of respondents have jailbroken or rooted their phone: while modifying a phone gives the user more choice, it also bypasses many of the security mechanisms put in place by the operating system, carriers, and official app stores.

With so many careless users, and so many users lacking mobile security acumen, businesses must take it upon themselves to fight the mobile threat actors fraudulently leveraging their brand. Fraudulent and unauthorized apps, developed or hijacked by mobile threat actors to divert users, distribute malware, and steal customer or company data, are a critical security issue that affects almost every organization.

*The source of RiskIQ's Blacklists is our collection of internet data, which our collection architecture of virtual users gathers by scanning, crawling, and passively sensing the internet, including web pages, mobile apps and stores, and a variety of social websites and apps. RiskIQ's crawling technology covers more than 300 million mobile devices, 1.8 billion HTTP sessions, 783 global locations across more than 100 countries, 16 million mobile apps, and 300 million domain records.